• November 24, 2020, 09:52:48 AM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: Internal Firewalls  (Read 2948 times)

0 Members and 1 Guest are viewing this topic.

Offline jruocco

  • Rookie
  • **
  • Posts: 3
    • http://au.linkedin.com/pub/jordan-ruocco/73/11b/31b
Internal Firewalls
« on: May 01, 2014, 10:38:34 PM »
Hi Guys,

First off, I'm new to the forum so Hello!

Hope someone can help me with the a question I have about the standard practice around internal firewalls and securing the server infrastructure from the clients.

Is it a common practice or is it recommended? It seems like adding a layer of complexity for no extra benefit, or am I wrong?

The overall design would appear like this:



Thanks!


Online Flintstone

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 961
Re: Internal Firewalls
« Reply #1 on: May 02, 2014, 04:05:11 AM »
Hi jruocco and welcome to the forum,

Yes, this is now common practice for Internet facing servers.

Basically, the firewall makes it more difficult firstly for hackers (Internal/external) to get to the servers and if the servers are impacted minimize the risk for the rest of the Internal Network.

CheerZ

Offline jruocco

  • Rookie
  • **
  • Posts: 3
    • http://au.linkedin.com/pub/jordan-ruocco/73/11b/31b
Re: Internal Firewalls
« Reply #2 on: May 04, 2014, 07:25:01 PM »
Our internet facing servers are in a DMZ, so they sit behind their own firewalled zone.

This plan is more for our back end servers. i.e. File and Print, SCOM, Citrix, SCCM.

Online Flintstone

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 961
Re: Internal Firewalls
« Reply #3 on: May 05, 2014, 03:17:58 PM »
Hi jruocco,

Then in theory you do not need your backend servers 'firewalled' unless there is something on them that shouldn't be readily available?

CheerZ

Offline jruocco

  • Rookie
  • **
  • Posts: 3
    • http://au.linkedin.com/pub/jordan-ruocco/73/11b/31b
Re: Internal Firewalls
« Reply #4 on: May 05, 2014, 06:30:50 PM »
It's more to ensure our server infrastructure is kept safe from our remote sites. Because we do not have any control over the physical equipment out there or who accesses the infrastructure on any given day, we need to ensure we have protected them the best we can.